问题描述
必须从远程计算机上获取.以下查询不适用于SID,但适用于组名和帐户名.
This has to be obtained from a remote machine. The following query works not for SIDs, but for group and account names.
"SELECT GroupComponent FROM Win32_GroupUser WHERE PartComponent = \"Win32_UserAccount.Domain='" + accountDomain + "',Name='" + accountName + "'\""
它返回的Win32_Group对象以字符串形式出现,并且它们仅具有域和名称(即使Win32_Group具有SID属性).
The Win32_Group objects it returns come in the forms of strings, and they only have domain and name (even though Win32_Group has a SID property).
我有这种下沉的感觉,我将不得不:
I have this sinking feeling I'll have to:
- 通过查询Win32_SID将SID转换为帐户名;
- 执行上面的查询; 通过查询Win32_Group将每个生成的组名称转换为SID.
- Turn the SID into an account name by querying Win32_SID;
- Perform the query above;
- Turn each of the resulting group names into SIDs by querying Win32_Group.
推荐答案
可以使用 System.DirectoryServices.AccountManagement 名称空间类?
using (var context = new PrincipalContext( ContextType.Domain ))
{
using (var user = UserPrincipal.FindByIdentity( context, accountName ))
{
var groups = user.GetAuthorizationGroups();
...iterate through groups and find SIDs for each one
}
}
它应该与ContextType.Machine一起使用,尽管您需要指定计算机名称并具有适当的特权.
It should work with ContextType.Machine, though you'd need to specify the machine name and have appropriate privileges.
using (var context = new PrincipalContext( ContextType.Machine,
"MyComputer",
userid,
password ))
{
...
}
有一个不错的MSDN 文章(虽然很长)使用新的.NET 3.5帐户管理名称空间.
There's a nice MSDN article (longish, though) on using the new .NET 3.5 account management namespace.
这篇关于我有一个用户帐户的SID,我想要它所属的组的SID的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!